exploitDog

GHSA-mw45-m2cr-q9jj

Опубликовано: 08 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Ссылки

EPSS

Процентиль: 72%

0.00741

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-30292

CVSS3: 6.1

nvd

10 месяцев назад

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

BDU:2025-04791

CVSS3: 6.1

fstec

10 месяцев назад

Уязвимость программной платформы ColdFusion, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 72%

0.00741

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79